MS-101 Microsoft 365 Mobility and Security Exam Questions and Answers – Page 1

The latest MS-101 Microsoft 365 Mobility and Security certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the MS-101 Microsoft 365 Mobility and Security exam and earn MS-101 Microsoft 365 Mobility and Security certification.

Exam Question 51

Your network contains an on-premises Active Directory domain. The domain contains domain controllers that run Windows Server 2019. The functional level of the forest and the domain is Windows Server 2012 R2.

The domain contains 100 computers that run Windows 10 and a member server named Server1 that runs Windows Server 2012 R2.

You plan to use Server1 to manage the domain and to configure Windows 10 Group Policy settings.
You install the Group Policy Management Console (GPMC) on Server1.
You need to configure the Windows Update for Business Group Policy settings on Server1.
Solution: You upgrade Server1 to Windows Server 2019.
Does this meet the goal?

A. Yes
B. No
Correct Answer:
A. Yes

Exam Question 52

You have a hybrid Azure Active Directory (Azure AD) tenant and a Microsoft Endpoint Configuration Manager deployment.
You have the devices shown in the following table.

NamePlatformConfiguration
Device1Windows 10Hybrid joined to non-premises Active Directory and Azure AD only
Device2Windows 10Joined to Azure AD and enrolled in Configuration Manager only
Device3Windows 10Enrolled in Microsoft Endpoint Manager and has the Configuration Manager agent installed only

You plan to enable co-management.
You need to identify which devices support co-management without requiring the installation of additional software.
Which devices should you identify?

A. Device1 only
B. Device2 only
C. Device3 only
D. Device2 and Device3 only
E. Device1, Device2, and Device3
Correct Answer:
D. Device2 and Device3 only

Exam Question 53

You have a Microsoft 365 subscription that contains the users shown in the following table.

NameMember ofAzure Active Directory (Azure AD) role
User1Group1Global administrator
User2Group2Cloud device administrator

You configure an Enrollment Status Page profile as shown in the following exhibit.
You configure an Enrollment Status Page profile as shown in the following exhibit.
You assign the policy to Group1.
You purchase the devices shown in the following table.

NamePlatform
Device1Windows 10
Device2Android

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

  • If User1 performs the initial device enrollment for Device1, the Enrollment Status Page will show.
  • If User1 performs the initial device enrollment for Device2, the Enrollment Status Page will show.
  • If User2 performs the initial device enrollment for Device2, the Enrollment Status Page will show.

Correct Answer:

  • If User1 performs the initial device enrollment for Device1, the Enrollment Status Page will show: Yes
  • If User1 performs the initial device enrollment for Device2, the Enrollment Status Page will show: No
  • If User2 performs the initial device enrollment for Device2, the Enrollment Status Page will show: No

Exam Question 54

You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.

NameMember of
User1Group1
User2Group2
User3Group1, Group2

You integrate Microsoft Intune and contoso.com as shown in the following exhibit.
You integrate Microsoft Intune and contoso.com as shown in the following exhibit.
You purchase a Windows 10 device named Device1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

  • If User1 joins Device1 to contoso.com, Device1 is enrolled in Intune automatically.
  • If User2 joins Device1 to contoso.com, Device1 is enrolled in Intune automatically.
  • If User3 register Device1 in contoso.com, Device1 is enrolled in Intune automatically.

Correct Answer:

  • If User1 joins Device1 to contoso.com, Device1 is enrolled in Intune automatically: Yes
  • If User2 joins Device1 to contoso.com, Device1 is enrolled in Intune automatically: No
  • If User3 register Device1 in contoso.com, Device1 is enrolled in Intune automatically: No

Exam Question 55

You have an Azure subscription and an on-premises Active Directory domain. The domain contains 50 computers that run Windows 10.
You need to centrally monitor System log events from the computers.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

In Azure:

  • Add and configure the Diagnostics settings for the Azure Activity Log.
  • Add and configure an Azure Log Analytics workspace.
  • Add an Azure Storage account and Azure Cognitive Search.
  • Add an Azure Storage account and a file share.

On the computers:

  • Create an event subscription.
  • Modify the membership of the Event Log Readers group.
  • Enroll in Microsoft Endpoint Manager.
  • Install the Microsoft Monitoring Agent.

Correct Answer:

  • In Azure: Add and configure an Azure Log Analytics workspace.
  • On the computers: Install the Microsoft Monitoring Agent.

Exam Question 56

You have a Microsoft 365 subscription that contains the users in the following table.

NameMember of
User1Group1
User2Group1, Group2
User3Group3

In Microsoft Endpoint Manager, you create two device type restrictions that have the settings shown in the following table.

PriorityNameAllowed platformAssigned to
1TypeRest1Android, Windows (MDM)Group1
2TypeRest2iOSGroup2

In Microsoft Endpoint Manager, you create three device limit restrictions that have the settings shown in the following table.

PriorityNameDevice limitAssigned to
1LimitRest17Group2
2LimitRest210Group1
3LimitRest35Group3

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

  • User1 can enroll up to 10 Windows 10 devices in Microsoft Endpoint Manager.
  • User2 can enroll up to 10 iOS devices in Microsoft Endpoint Manager.
  • User3 can enrolled up to five Android devices in Microsoft Endpoint Manager.

Correct Answer:

  • User1 can enroll up to 10 Windows 10 devices in Microsoft Endpoint Manager: Yes
  • User2 can enroll up to 10 iOS devices in Microsoft Endpoint Manager: No
  • User3 can enrolled up to five Android devices in Microsoft Endpoint Manager: No

Exam Question 57

You have a Microsoft 365 E5 subscription.
Several users have iOS devices.
You plan to enroll the iOS devices in Microsoft Endpoint Manager.
You need to ensure that you can create an iOS/iPadOS enrollment profile in Microsoft Endpoint Manager.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

  • From the Microsoft Endpoint Manager admin center, add a device enrollment manager.
  • From the Microsoft Endpoint Manager admin center, download a certificate signing request.
  • Upload an Apple MDM push certificate to Microsoft Endpoint Manager.
  • Create a certificate from the Apple Push Certificates Portal.
  • From the Microsoft Endpoint Manager admin center, configure device enrollment restrictions.

Correct Answer:

  • From the Microsoft Endpoint Manager admin center, download a certificate signing request.
  • Create a certificate from the Apple Push Certificates Portal.
  • Upload an Apple MDM push certificate to Microsoft Endpoint Manager.

Exam Question 58

You have a Microsoft 365 E5 tenant that contains the users shown in the following table.

NameMember of
User1UserGroup1
User2UserGroup2
User3UserGroup3

The tenant contains the devices shown in the following table.

NameOwnerInstalled appsPlatformMicrosoft Intune
Device1User1NoneWindows 10Enrolled
Device2User2App2AndroidNot enrolled
Device3User3NoneiOSNot enrolled

You have the apps shown in the following table.

NameType
App1iOS store app
App2Android store app
App3Microsoft store app

You plan to use Microsoft Endpoint Manager to manage the apps for the users.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

  • App1 can be assigned as a required install for User3.
  • App2 can be uninstalled from Device2 by using Microsoft Endpoint Manager.
  • App3 can be installed automatically for UserGroup1.

Correct Answer:

  • App1 can be assigned as a required install for User3: No
  • App2 can be uninstalled from Device2 by using Microsoft Endpoint Manager: No
  • App3 can be installed automatically for UserGroup1: Yes

Exam Question 59

Your network contains an on-premises Active Directory domain. The domain contains domain controllers that run Windows Server 2019. The functional level of the forest and the domain is Windows Server 2012 R2.

The domain contains 100 computers that run Windows 10 and a member server named Server1 that runs Windows Server 2012 R2.

You plan to use Server1 to manage the domain and to configure Windows 10 Group Policy settings.
You install the Group Policy Management Console (GPMC) on Server1.
You need to configure the Windows Update for Business Group Policy settings on Server1.
Solution: You raise the domain functional level to Windows Server 2019. You copy the Group Policy Administrative Templates from a Windows 10 computer to the Netlogon share on all the domain controllers.
Does this meet the goal?

A. Yes
B. No
Correct Answer:
B. No

Implement modern device services: Testlet 2 Case Study

Overview

Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.
The company has the employees and devices shown in the following table.

LocationEmployeesLaptopsDesktopsMobile devices
Montreal2,5002,8003003,100
Seattle1,0001,1002001,500
New York30032030400

Contoso recently purchased a Microsoft 365 E5 subscription.

Existing Environment

The network contains an on-premises Active Directory forest named contoso.com. The forest contains the servers shown in the following table.

NameConfiguration
Server1Domain controller
Server2Member server
Server3Network Policy Server (NPS)server
Server4Remote access server
Server5Microsoft Azure AD Connect server

All servers run Windows Server 2016. All desktops and laptops run Windows 10 Enterprise and are joined to the domain.
The mobile devices of the users in the Montreal and Seattle offices run Android. The mobile devices of the users in the New York office run iOS.
The domain is synced to Azure Active Directory (Azure AD) and includes the users shown in the following table.

NameAzure AD role
User1None
User2Application administrator
User3Cloud application administrator
User4Global administrator
User5Intune administrator

The domain also includes a group named Group1.

Requirements

Planned Changes

Contoso plans to implement the following changes:

  • Implement Microsoft 365.
  • Manage devices by using Microsoft Intune.
  • Implement Azure Advanced Threat Protection (ATP).
  • Every September, apply the latest feature updates to all Windows computers. Every March, apply the latest feature updates to the computers in the New York office only.

Technical Requirements

Contoso identifies the following technical requirements:

  • When a Windows 10 device is joined to Azure AD, the device must enroll in Intune automatically.
  • Dedicated support technicians must enroll all the Montreal office mobile devices in Intune.
  • User1 must be able to enroll all the New York office mobile devices in Intune.
  • Azure ATP sensors must be installed and must NOT use port mirroring.
  • Whenever possible, the principle of least privilege must be used.
  • A Microsoft Store for Business must be created.

Compliance Requirements

Contoso identifies the following compliance requirements:

  • Ensure that the users in Group1 can only access Microsoft Exchange Online from devices that are enrolled in Intune and configured in accordance with the corporate policy.
  • Configure Windows Information Protection (WIP) for the Windows 10 devices.

Exam Question 60

You need to ensure that the support technicians can meet the technical requirement for the Montreal office mobile devices.
What is the minimum of dedicated support technicians required?

A. 1
B. 4
C. 7
D. 31
Correct Answer:
B. 4